CN109840411B

CN109840411B - Application protection method and system

Info

Publication number: CN109840411B
Application number: CN201810164759.1A
Authority: CN
Inventors: 王喆; 武成岗; 赖远明; 康妍
Original assignee: Institute of Computing Technology of CAS
Current assignee: Institute of Computing Technology of CAS
Priority date: 2018-02-27
Filing date: 2018-02-27
Publication date: 2021-01-08
Anticipated expiration: 2038-02-27
Also published as: CN109840411A

Abstract

The invention relates to a protection method and a system of application, comprising the following steps: acquiring the application, wherein the application comprises a first part of application and a second part of application, and the memory space comprises a security area; storing the first part of application to the safe area, storing the second part of application to the memory space outside the safe area, and randomly placing the address pointing to the safe area into a virtual address space; when a tentative action occurs in the virtual address space, randomly moving the position of the safe region in the memory space, and leaving a trap region which is forbidden to access at the original position of the safe region; when any access to the trap area is detected, a warning message for accessing the trap area is reported to the user. As the number of probes increases, the number of times a security region is randomized also increases, so that the attacker's next probe will be captured with a high probability.

Description

Application protection method and system

Technical Field

The invention relates to the field of Security and Protection (Security and Protection) of application software, in particular to an information hiding method and system.

Background

Due to low overhead and high security features, information hiding has become the defense basis for numerous defense mechanisms. Many defense mechanisms utilize this hiding technique to protect their critical data. For example, protecting the jump target of the jump instruction with it, protecting all code pointers, protecting the keys used for encryption and decryption, protecting the secure stack frame, protecting all code variant addresses, etc. This technique randomly places hidden areas (referred to herein as "secure areas") into a large virtual address space and ensures that all pointers to the secure area cannot be revealed. The huge random entropy makes it difficult for an attacker to guess where the secure area is. The secure area can only be legally accessed by means of a special register plus offset.

For a long time, it has been considered safe and reliable to protect critical data using information hiding techniques. However, with the development of the heuristic attack technology, the information hiding technology is cracked. One type of approach is to avoid a crash in the probing process so that an attacker can get the opportunity to continue probing. Some researchers have taken advantage of the work process self-start feature of web server applications to avoid crashes in the heuristic process. Still others have employed registration signal processing functions to avoid crashes. A more covert heuristic technique was therefore created that indirectly infers the location of a secure area by repeatedly applying for memory to measure the size of unallocated areas (empty areas). The second way is to reduce the random entropy of the secure area, and an attacker observes that many secure areas are thread-local, so that a large number of secure areas can be ejected in the virtual address space by a large number of ejected threads, thereby reducing the random entropy. The emergence of these new attack methods has made the information hiding technology no longer effective, while the defense mechanisms using this technology face significant security threats.

To solve the above security problem, the memory security proposes two strong isolation means to protect the secure area: one is a domain-based isolation approach; the other is an address-based isolation method. For a secure area with infrequent access, it employs a first isolation method. Opening the memory access authority of the secure area by the memory location whenever the secure area needs to be accessed; and when the secure area does not need to be accessed, the memory management closes the memory access authority of the secure area. For the safety area with frequent access, a second isolation method is adopted, namely all the access instructions are inserted to restrict the access address of the access instruction so that the access address cannot access the position of the safety area. Based on these two defense methods, memory has developed a toolchain and a runtime environment. The protected program needs to compile the program using the compiler provided by the memory entry and display the specified secure region. The compiled program then runs in the runtime environment it provides.

Although the memory entry can effectively protect the secure area, it has many disadvantages that make the memory entry difficult to deploy. First, most of the security areas are frequently accessed by the existing defense mechanisms using information hiding technology. The memory entry can only use an address-based isolation method, but this method still incurs significant overhead (the overhead introduced by the memory entry is greater than 15% as tested by the SPEC CPU2006 benchmark set). Secondly, the memory entry needs a defense mechanism using an information hiding technology and the protected program needs active code to be recompiled. However, most existing defense mechanisms are for binary programs and do not require source code. For these defense mechanisms, MemSentry does not provide effective protection.

Through analyzing all defense mechanisms using the information hiding technology, the following contents are found to be stored in the security area of the existing defense mechanism: the code pointer, the address associated with the code location, the encryption key, and a secure stack local variable (which does not propagate, but is only accessed within the native function. By observing the contents of the secure area, it can be seen that the protected contents are all independent of the location of the secure area, i.e. no absolute address pointing to the secure area is stored in the secure area. The safe area position independence characteristic inspires that the present invention can resist existing heuristic attacks by continuously moving the position of the safe area.

Since the information hiding technique places a pointer to a secure area in an exclusive register and ensures that the register contents are not revealed, an attacker can only scan the memory violently by guessing to find the location of the secure area.

In fact, no matter what way an attacker uses to scan the memory virtual addresses, they need to complete the attack through the following three attack channels:

channel 1: gathering sufficient virtual memory layout information to efficiently infer a secure location;

channel 2: creating a large and continual chance of probing, and not causing the target process to crash;

channel 3: the random entropy of the safe region is reduced to increase the success probability of a single probe.

Disclosure of Invention

In order to solve the above technical problem, the present invention aims to provide a protection method for an application (the present invention), which includes:

step 1, acquiring the application, wherein the application comprises a first part of application and a second part of application, and a memory space comprises a safe area;

step 2, storing the first part of application to the safe area, storing the second part of application to the memory space outside the safe area, and randomly placing the address pointing to the safe area into a virtual address space;

step 3, when a tentative action occurs in the virtual address space, randomly moving the position of the safe region in the memory space, and leaving a trap region for forbidding access at the original position of the safe region;

and 4, when any access to the trap area is detected, warning information of accessing the trap area is reported to a user.

The protection method of the application, wherein the method further comprises:

starting the first part of the application, generating a protected first process, and distributing a private memory area for each thread of the first process; starting the second part of the application, generating a protected second process, and distributing a private memory area for each thread of the second process;

when a thread accesses the private memory area of other threads, warning information for accessing the private memory area is reported to a user.

The protection method of the application comprises the step of respectively maintaining an independent private extended page table for each thread, wherein each private extended page table corresponds to a private memory area.

The protection method of the application, wherein the step 2 comprises:

and updating the value in the exclusive register to point to the safety area after random movement every time the position of the safety area is randomly moved, and leaving the trap area with the same size as the safety area at the original position of the safety area.

The protection method of the application, wherein the heuristic action comprises memory allocation, memory permission setting, memory cloning and memory access.

The invention also discloses an applied protection system, which comprises:

the acquisition application module is used for acquiring the application, the application comprises a first part of application and a second part of application, and the memory space comprises a security area;

the random placement module is used for storing the first part of application to the safe area, storing the second part of application to the memory space outside the safe area, and randomly placing the address pointing to the safe area into a virtual address space;

the trap leaving module is used for randomly moving the position of the safe region in the memory space when a tentative behavior occurs in the virtual address space, and leaving a trap region which is forbidden to access at the original position of the safe region;

and the alarm module is used for reporting alarm information for accessing the trap area to a user when any access to the trap area is detected.

The protection system of this application, wherein this system still includes:

private memory starts the first part of the application, generates a protected first process, and allocates a private memory area for each thread of the first process; starting the second part of the application, generating a protected second process, and distributing a private memory area for each thread of the second process;

The protection system of the application maintains a private extended page table for each thread, wherein each private extended page table corresponds to a private memory area.

The protection system of the application, wherein the random placement module comprises:

The protection system for the application, wherein the heuristic behavior comprises memory allocation, memory permission setting, memory cloning, and memory access.

The technical effects of the invention comprise: the location of its secure area is continuously moved while the protected process using the information hiding technique is running. The method captures all possible heuristic behaviors (including memory allocation, memory permission setting, memory cloning and memory access) of an attacker during operation, and randomly moves the position of the secure area immediately after the heuristic behaviors are detected. The position of the original safety area becomes a trap area after each movement of the safety area. With the increase of the number of times of probing of the attacker, the number of times of random access to the secure area also increases, and finally the trap area in the virtual address space of the protected process becomes larger, so that the next probing of the attacker can be captured at a high probability. If any illegal access to the secure area and the trap area is detected, the invention can report alarm information to the user. The invention also realizes a brand-new thread private memory technology by utilizing a hardware virtualization technology. All threads still share the same page table, but the present invention makes each thread private with one EPT. By configuring the private EPT of each thread, it is possible to achieve that all threads cannot access the private memory areas of other threads. If one thread accesses the private memory area of another thread, an EPT violation exception is triggered, which is trapped by the present invention. The method and the device place the thread local safe area into the thread private memory area for isolation. Thus, when an attacker sprays the thread, the random entropy of the thread local safe area will not be reduced.

Drawings

FIG. 1 is a schematic diagram of a persistent random mobile secure area according to the present invention;

FIG. 2 is a diagram illustrating a thread private memory technology based on hardware virtualization technology according to the present invention;

FIG. 3 is a table of potential heuristic behavior of an attacker and the response strategy of the present invention.

Detailed Description

Specifically, the invention discloses an application protection method, which comprises the following steps:

The protection method of the application, wherein the method further comprises:

In order to make the aforementioned features and effects of the present invention more comprehensible, embodiments accompanied with figures are described in detail below.

Therefore, the invention provides an applied protection method, namely an information hiding technology, which is used for blocking the three attack channels. The application includes information such as address, thread, etc. It is designed as a kernel module (driver) of the Linux operating system. The user can use the invention only by loading the kernel module into the operating system without modifying the protected program and the defense mechanism depending on the protected program at the application layer.

The invention aims to solve the problem that the existing information hiding technology is not effective any more, and provides an application protection method and system based on the information hiding technology. The method can ensure that the existing defense mechanism using the information hiding technology can directly use the new technology to protect the security area without any modification, and the performance expense is very low.

The key point 1 is that a method of continuously and randomly moving a safety region and leaving traps in operation is adopted to protect the safety region; the technical effects are as follows: the invention monitors all possible probing behaviors of an attacker in a process virtual address space during operation. When a potential heuristic action occurs, the position of a safe area is immediately and randomly moved, and a trap (without any access authority) area with the same size is left in the original position to capture the later heuristic action of an attacker;

the key point 2 is that a brand-new thread private memory technology is realized by using a hardware virtualization two-dimensional page table technology; the technical effects are as follows: the protected process runs in a hardware virtualization environment, the invention maintains an Extended Page Table (EPT) for each thread of the protected process, and all threads still share the original process page table. Whenever a thread is scheduled to run, its guest virtual address is translated through the shared process page table and the private EPT table to get the final host physical address. The present invention configures the private EPT for each thread so that the private memory regions of other threads are not accessible in the table. When a thread of a protected process in a client accesses a private memory area of other threads, EPT exceptions are triggered to be captured by the method;

the key point 3, the invention puts the local safe area of the thread into the private memory area of the thread for isolation; the technical effects are as follows: when a thread local safety area (the thread local is extended from thread local storage), data in the thread local safety area can only be used by the current thread, and one thread cannot access the local areas of other threads) is isolated by using a thread private memory technology, and the access of any thread to the thread local safety area of other threads can be captured by the method;

the invention captures all possible probing behaviors of an attacker from a protected process (the running entity after the application is started is the protected process, and a part of data of the application is stored in the safe area) space during running. To avoid randomizing too frequently, the present invention randomly moves the position of the safe area immediately after each of these heuristic actions is detected, leaving the same size trap area in place. Fig. 1 is a schematic diagram illustrating a security area being continuously random. In the figure, it can be seen that as an attacker continuously tries to explore, the virtual memory space layout of the protected process is continuously changed, and the memory area becomes more fragmented. Such an unstable dynamic memory layout blocks attacks from channel 1.

Based on the persistent random strategy of the present invention, as the number of times of the attacker's probing is increased, more trap areas are generated in the virtual address space of the protected process, and the trap areas can increase the probability that the next probing of the attacker is captured. If an attacker touches these trap areas or secure areas, the invention triggers a security alert and interrupts the execution of the protected process. The placement of these traps can prevent the ability of an attacker to continue probing a large number of times, thereby blocking attacks from the channel 2.

To block attacks from channel 3, the present invention uses thread private memory technology to isolate secure areas local to the thread. When the thread local safe area is protected, the random entropy of the safe area is not influenced by the thread spraying technology. This is because when an attacker launches a heuristic attack within a thread, he can only access the local secure area of the thread itself.

Next, how to identify and capture the possible heuristic actions of the attacker and what corresponding actions to take is described in detail first, and then how to implement the thread private memory by using the hardware virtualization technology is described.

And identifying and capturing the tentative behaviors. In order to detect all possible heuristic behaviors of an attacker, the invention analyzes all operations of the user space for the memory. An attacker can only perform memory probes through these operations (malicious probes can be hidden into normal operations, but normal operations do not directly access the secure enclave through system calls). The present invention classifies these operations and summarizes all possible operations as heuristic actions into a table as shown in fig. 3, and the present invention directly ignores when the heuristic object is a data region. This is because the data area is very small, with no pointers to the secure area within the area. Even if an attacker takes the entire contents of the data area, it is hardly useful for them to infer the location of the secure area.

The first row in fig. 3 lists all system calls related to memory management. An attacker can apply for, release and move the memory area through the system calls, even change the access authority of the memory area, so as to detect whether the operated memory target area exists or not, and further deduce the memory layout of the protected process. The second line lists system calls that can return an EFAULT (error address) error, such as the write system call prototype "size t write (int fd, void buf, size t count)". At least one parameter in these system calls points to an address in the user space. If the memory region where the target address is located is not allocated, the system call will fail and return an EFAULT error code, but this operation will not cause the process to crash. Thus, an attacker can invoke a masked heuristic memory layout using this type of system. The third row is a system call that can clone the virtual memory space. An attacker can use the system calls to perform heuristics from the child process, and further deduce the memory layout of the parent process. The fourth row lists the normal access instructions. An attacker can use the direct access addresses of the instructions to judge whether a memory area pointed by a certain address is allocated or not. If the address does not have a corresponding allocated memory area, the memory access instruction triggers a page fault exception (page fault exception), and finally causes a process crash. However, an attacker can register the signal processing function to avoid such a crash.

Because secure regions are often hidden into a large unallocated virtual address space, and other allocated code and data regions do not have pointers to secure regions, probing code and data regions helps to infer the location of a secure region. For this reason, the present invention does nothing when an attacker probes these regions (as other regions in FIG. 3). But when the invention intercepts the operation of a heuristic action on unallocated (empty), secure and trap regions, it takes the following actions:

1. if the trap area is accessed by using the access instruction and the system call, or the safe area is accessed by calling the system call instruction, the invention can directly report the safety warning and interrupt the operation of the protected process;

2. if the unallocated area is accessed by the access instruction and the system call, the position of the safe area is randomly moved and a trap is left. It is worth noting that trap areas are not re-allocated for use by programs;

3. if the program calls a memory clone system call, the method can randomly leave a trap area at the position of a safe area in a father process (after the memory clone system call is executed, one process can generate another process, an original process is called as a father process, and a newly generated process is called as a child process;

to avoid excessive consumption of virtual memory space, the present invention sets an upper limit on the total size of the trap area. Once the trap area reaches the upper limit, the invention randomly recycles some previous trap area for the safe area.

In particular, the present invention modifies the system call table of the Linux kernel to point to its newly created system call entry (the present invention is designed as a kernel module, in which many new system calls are created as the system call entry) to intercept all the system calls mentioned in fig. 3. Similarly, in order to intercept page exceptions caused by a system call instruction and a memory access instruction (if a page table entry where a target memory page accessed by the memory access instruction is located is not mapped or access authority is incorrect, the page exceptions are triggered to enter an operating system for processing), the invention modifies an interrupt descriptor table, and when corresponding system call and page exceptions are intercepted, the invention analyzes a system call parameter or a page exception address to judge whether an access area overlaps a secure area, a trap area and the like, and further deduces whether the areas are accessed. The initial position of the initial secure area is obtained by resolving the value in the exclusive register. The present invention calls do _ mremap () (which maps an allocated memory region from one location to another) in conjunction with a randomly generated address to randomly move the location of the secure area. After the position of the safety area is randomized, the method is responsible for updating the value in the exclusive register to point to the safety area after randomization, and calling do _ mmap () to apply for a trap area without any access authority (forbidding all accesses) at the original position.

And (4) implementation of thread private memory technology. Thread private memory can be implemented directly by configuring one page table per thread (application-created thread). However, since the method cannot monitor the update of the access bit and the dirty bit in the page table entry, the normal physical memory recovery function of the operating system is damaged. Therefore, the invention provides a new thread private memory technology.

Most processors now propose hardware-assisted two-dimensional page table techniques to support memory virtualization, such as Intel and AMD. Generally, a memory access operation of a client needs to undergo two layers of address translation: the translation of guest virtual addresses to guest physical addresses and guest physical addresses to hosts (a simple example is described to describe guest and host. vmware software is installed on a win7 computer, which virtualizes a completely new hardware environment, on which is run a win10 operating system, where win7 is the host and win10 is the guest) physical addresses. The first layer of address translation is performed by hardware traversal of the client page tables, and the second layer of address translation is performed by hardware traversal of a page table maintained by Hypervisor (known as EPT by Intel and NPT by AMD). For ease of introduction, page tables maintained by Hypervisor (i.e., the aforementioned vmware software) are collectively referred to as EPT.

In a conventional virtualization scenario, a guest having multiple virtual processor cores uses one EPT. Assume a multithreaded program is running on a client having 2 virtual processor cores, where the virtual page table base registers in each virtual core of the client point to the page table base addresses of the multithread. Also, EPTP (EPT pointer) of the two virtual cores point to an EPT, and it is noted that EPTP is a term of art in virtualization, and is similar to a page table base register, except that it points to not a guest page table, but rather a host maintained EPT. Which EPT the EPTP points to in the virtual core, then which EPT is used by the virtual core for second level address translation.

Although all threads of a process share a guest page table, each guest's virtual core has its own EPTP. Thus, the thread private memory technique is implemented by configuring the EPTP of each virtual core to point to a different EPT. In the technology, each thread can own one EPT (each thread has one EPT, each virtual core has one EPTP, one virtual core can be scheduled by a guest operating system to run a great number of applications (including threads), when one virtual core runs a thread of a protected process, the EPTP of the virtual core is required to point to the EPT of the thread, and the physical pages of the guest corresponding to the thread private memory areas of other threads are configured to be inaccessible in the EPT private to the current thread. Whenever one thread accesses the thread private memory area of another thread, an EPT violation exception is triggered, which is trapped by the Hypervisor. FIG. 2 illustrates an example of the use of the thread private memory technique of the present invention. When thread 1 attempts to access its own private memory page P1, the hardware will simultaneously traverse the guest page table and EPT1 pointed to by virtual core 1, eventually accessing host physical page P3. If thread 0 accesses thread 1's private memory page P1 (i.e., P0), the access triggers an EPT violation exception to be trapped by Hypervisor since there is no P2 to P3 page mapping in EPT 0. Meanwhile, whenever the guest operating system schedules a protected thread to run on a virtual core, the Hypervisor will point the EPTP of the virtual core to the EPT unique to the thread. Each time the guest operating system schedules an unrelated process to run, the Hypervisor will point the current virtual core to a default EPT.

When the local safety area of the thread is stored in the thread private memory area supported by the technology, even if an attacker sprays the thread, any thread can only access the safety area of the thread, and the random entropy of the safety area cannot be reduced. In addition, due to the existence of thread private memory technology, thread spraying can spray out very many inaccessible areas (thread local safe areas of other threads) in the thread, and the memory heuristic action of an attacker is easier to capture by the invention.

In particular, in order to be able to run on hardware without a virtualization environment, the invention integrates a very small Hypervisor in its kernel module. Whenever the present invention is loaded into the currently running operating system, the Hypervisor is first launched, virtualizing the current running environment as a client. In order to monitor thread switching and schedule corresponding EPT, the invention utilizes a preemption notifier mechanism provided in a Linux system. The present invention is notified of the event each time a thread is scheduled to run. In order to configure the EPT entry for each thread, the present invention traverses the page entries corresponding to the local secure areas of all threads in the protected process, and finds the corresponding physical page (i.e., guest physical page). The invention configures the items in the EPT according to the guest physical pages, so that the guest physical pages corresponding to the thread local security areas of other threads in the EPT of one thread are not accessible.

The following is a system example corresponding to the above method example, and the present implementation system can be implemented in cooperation with the above embodiments. The related technical details mentioned in the above embodiments are still valid in the present implementation system, and are not described herein again for the sake of reducing repetition. Accordingly, the related-art details mentioned in the present embodiment system can also be applied to the above-described embodiments.

The invention also discloses an applied protection system, which comprises:

The protection system of this application, wherein this system still includes:

In conclusion, the invention can effectively overcome two important defects of the memory management. The technology of the invention ensures that the existing defense mechanism using the information hiding technology can directly use the new technology without any modification, and the performance cost is very low.

Information hiding techniques have been employed by many defense mechanisms to protect their critical data. Many defense mechanisms and many protected applications are source code free. Therefore, in order for these defense mechanisms to remain effective. The invention needs to develop a brand-new information hiding technology. In order to make the technology have practicability, practicality and safety, the data protection technology provided by the invention has three characteristics: 1) transparency and self-contained properties. The technology should be independent of existing defense mechanisms and the objects it protects, and can be integrated directly into these defense mechanisms; 2) all existing probe attacks can be effectively resisted; 3) low overhead characteristics. The technique should be more efficient than existing direct memory protection techniques (setting access rights).

Although the present invention has been described in terms of the above embodiments, the embodiments are merely illustrative, and not restrictive, and various changes and modifications may be made by those skilled in the art without departing from the spirit and scope of the invention, and the scope of the invention is defined by the appended claims.

Claims

1. A method for protecting an application, comprising:

2. A method for protecting an application as defined in claim 1, the method further comprising:

3. The method for protecting an application according to claim 2, wherein a private memory region is respectively associated with each private extended page table by respectively maintaining a respective independent private extended page table for each thread.

4. A method for protecting an application as claimed in claim 1, wherein the step 2 comprises:

5. A method for protecting an application as defined in claim 1, wherein the heuristic behavior comprises memory allocation, memory permission setting, memory cloning, and memory access.

6. A protection system for an application, comprising:

7. A protection system for an application according to claim 6, characterized in that the system further comprises:

8. The application protection system of claim 7, wherein each private extended page table corresponds to a private memory region by maintaining a respective and independent private extended page table for each thread.

9. The application protection system of claim 6, wherein the random placement module comprises:

10. The application protection system of claim 6, wherein the heuristic behavior comprises memory allocation, memory permission settings, memory cloning, and memory access.